AVL Blog - Communications Law & Technology

View Original

Comment On Use Of E-Rate Funding For Next-Generation Firewalls & Services Due February 13, 2023

Tony Veach

December 14, 2022 – The FCC’s Wireline Competition Bureau has issued a Public Notice seeking comment on “the use of E-Rate program funds to support advanced or next-generation firewalls and services, as well as other network security services.”[1] Comments are due on or before February 13, 2023, and reply comments are due March 30, 2023.

The Wireline Bureau released the Public Notice after receiving several petitions and requests asking the FCC to allow E-Rate funding for next-generation firewalls and other network security services. Appendix A to the Public Notice lists a total of 19 such petitions and requests.

E-Rate Background

The E-Rate program was created by the Telecommunications Act of 1996 to ensure that nearly every school and library across the U.S has basic access to communications services by authorizing eligible schools, libraries, and school and library consortia to apply for discounts for eligible telecommunications services. Over the last two decades, the E-Rate Program has helped bring Internet access to America’s classroom, and demand for E-Rate funding continues to exceed the annual amounts available.

When the FCC modernized the E-Rate program in 2010 “to bring fast, affordable Internet access to schools and libraries across the country,”[2] many E-Rate stakeholders “advocated to expand E-Rate support for anti-virus and anti-spam software, intrusion protection, and intrusion prevention devices.”[3] E-Rate stakeholders have repeated their pleas for services and devices aimed at preventing cyber incidents during other major E-Rate proceedings. However, each time the FCC has declined to do so, continuously citing a need to focus E-Rate support on the program’s primary purpose – connectivity.[4] It should be noted, though, that the E-Rate program currently indirectly supports firewalls in two specific instances. E-Rate funds basic firewall service provided as part of a vendor’s Internet service as a Category One service, and funds separately priced basic firewalls and services as a Category Two service subject to an applicants’ five-year Category Two budget.[5]

E-Rate Funding For Next-Generation Firewalls & Network Security Services

E-Rate stakeholders are once again advocating to allow the use of E-Rate funding for next-generation firewalls and other network security services. Why? Schools have increasingly become a target of ransomware attacks and other cyber incidents. Every day, more and more schools rely on technology for the classroom and online learning, making network security tools even more vital. This is not a new issue. The Biden administration has taken note of the cyber risks posed to America’s schools, and has begun the process to help address them. President Biden “signed the K-12 Cybersecurity Act of 2021,23 which directed the U.S. Department of Homeland Security to conduct a study of K-12 cybersecurity risks that addresses the specific risks that impact K-12 educations institutions; evaluates cybersecurity challenges K-12 educational institutions face; and identifies cybersecurity challenges related to remote learning.”

By issuing the Public Notice, the FCC has begun the process of potentially bringing network security services into the E-Rate program. One thing to note from the Public Notice is that the Wireline Bureau mentioned “a proposal for a three-year pilot program to fund advanced firewalls and services as a Category Two service.”[6] If the FCC moves forward with funding these services, it’s possible a pilot program would be the first step. Something to watch.

In the Public Notice, the Wireline Competition Bureau requests comment on the following issues:

Definition Of Advanced Or Next-Generation Firewalls And Services.  The E-Rate program, currently defines “firewall” as “a hardware and software combination that sits at the boundary between an organization’s network and the outside world, and protects the network against unauthorized access or intrusions.” Comment is sought on the current definition of firewall and whether any modifications may be appropriate.

Eligible Equipment And Services & Their Costs.  The Wireline Competition Bureau requests public comment on “the specific equipment and services that E-Rate should support to fund as advanced or next-generation firewalls and services, as well as the costs associated with funding these services.” As examples, the Bureau provides the following from Fortinet’s and Funds For Learning’s petitions: Fortinet requests E- Rate support for advanced or next-generation firewalls and services that include the following capabilities: intrusion prevention/intrusion detection (IPS/IDS), VPN, distributed denial-of-service (DDoS) protection, and network access control (NAC); and FFL suggests advanced firewall features should include intrusion detection/prevention, malware detection/filtering, application control/visibility, antispam services, URL/DNS filtering, and endpoint-related protections.

Comment is sought from all E-Rate stakeholders, particularly from schools, libraries, and other stakeholders that have recent experience with advanced firewall services, on the following questions and issues:

  • What are the advanced or next-generation firewalls and services needed to protect schools’ and libraries’ broadband networks from cyberattacks?

  • What advanced firewall services should be considered to be eligible “advanced or next-
    generation services” for E-Rate support?

  • How should funding for these advanced services be prioritized, given that there is not sufficient E-Rate support to fund every advanced or next generation firewall service? For example, should end-point related protections be excluded from E-Rate eligible advanced or next-generation firewalls and services – why or why not?

  • Should Firewall as a service (FWaaS) should be eligible for E-Rate support?

  • Should the FCC expand E-Rate support to fund advanced or next-generation firewalls and services, or continue to fund only basic firewalls and services as is currently allowed in the E-Rate program? Would doing so affect the E-Rate program’s longstanding goal of basic connectivity? Instead of expanding the eligibility of firewalls and services at this time, should the FCC continue working with its federal partners, including CISA and the Department of Education to develop a holistic approach to address and prevent cyberattacks against the K-12 schools and libraries?

  • Will providing funding only for advanced or next-generation firewalls and services be sufficient to protect K-12 schools’ and libraries networks from cyberattacks?

  • Is the amount of E-Rate funding allowed under its funding cap sufficient to cover all of the eligible schools’ and libraries’ connectivity needs, as well as their advanced firewall and other network security services?

Categorization of Firewall Services And Components – Category 1 Or 2.  Under the FCC’s current E-Rate rules, basic firewall service provided as part of a vendor’s Internet access service is eligible as a Category One service. Separately priced basic firewall services and components are eligible as a Category Two service. In general, comment is sought on whether advanced or next-generation firewall services and components should be eligible as a Category One and/or Category Two service.

  • If FWaaS is determined eligible for E-Rate support, should FWaaS be eligible for Category One and/or Category Two support? Should advanced or next-generation firewalls and services only be eligible for Category Two support and subject to the applicant’s five-year Category Two budget? Why or why not?

  • If advanced firewall or next generation services should be eligible as both a Category One and Category Two service, how should the Commission delineate these services as a Category One and as a Category Two service?

Cost-Effective Purchases Of Next-Generation Firewall Services.  If the FCC makes advanced or next-generation firewall services eligible as only Category Two service, comment is sought on whether this would be an effective way to ensure applicants are making cost-effective choices when requesting these services and equipment.

  • Are there other measures the FCC could adopt to ensure cost-effective purchases of advanced or next-generation firewalls and services are being made?

  • Should funding be limited to only cloud-based advanced or next-generation firewalls and services to ensure funding is not spent on firewall equipment that will need to be replaced every three to five years?

  • What are other steps the FCC could take to ensure that limited E-Rate funds are cost-effectively used for advanced or next-generation firewalls and services?

  • How can these limited funds be allocated to ensure applicants are making cost-effective purchases?

  • What steps should the FCC take to ensure the constrained E-Rate funds are available for its primary purposes of bringing connectivity to and within the schools and libraries in light of the significant annual costs associated with advanced or next-generation firewalls and services?

Legal Authority Issues.  The Wireline Competition Bureau requests comment on the FCC’s legal authority to add advanced or next-generation firewalls and services as an eligible service for the E-Rate program. Sections 254(c)(1), (c)(3), (h)(1)(B), and (h)(2) of the Communications Act grant the FCC broad and flexible authority to set the list of services that will be supported for eligible schools and libraries, as well as to design the specific mechanisms of support. In light of this statutory authority, comment is sought on the following questions and issues:

  • Do other stakeholders agree that the addition of these services is within the scope of the FCC’s legal authority?

  • Are there other legal issues or concerns the FCC should consider before extending E-Rate support to advanced or next-generation firewalls and services?

  • Are there statutory limitations that the FCC should consider? What are these limitations?

**********

[1] Wireline Competition Bureau Seeks Comment On Requests To Allow The Use Of E-Rate Funds For Advanced Or Next-Generation Firewalls And Other Network Security Services, WC Docket No. 13-184, Public Notice, DA 22-1315, (Dec. 14, 2022) (Public Notice), https://docs.fcc.gov/public/attachments/DA-22-1315A1.pdf.

[2] Schools and Libraries Universal Service Support Mechanism, CC Docket No. 02-6, A National Broadband Plan For Our Future, GN Docket No. 09-51, Sixth Report And Order, FCC 10-175 (Sep. 28, 2010), https://docs.fcc.gov/public/attachments/FCC-10-175A1.pdf.

[3] Public Notice at p. 3.

[4] The FCC “has declined to extend basic firewall services to include anti-virus and anti-spam software, intrusion protection and intrusion protection devices that monitor, detect, and deter threats to a network from external and internal attacks, and other services to protect networks, and has also removed virtual private networks (VPN) and other data protection services from the E-Rate eligible services list beginning in funding year 2015.” Public Notice at pp.

[5] Public Notice at p. 2.

[6] Public Notice at p. 5.